General Security Controls Sample Clauses

The General Security Controls clause establishes baseline requirements for protecting information and systems from unauthorized access, use, or disclosure. It typically mandates that parties implement industry-standard security measures such as firewalls, encryption, access controls, and regular security assessments to safeguard sensitive data. By setting these expectations, the clause helps ensure that both parties maintain adequate security practices, thereby reducing the risk of data breaches and ensuring compliance with relevant laws and regulations.
General Security Controls. Contractor and its sub-contractors or vendors shall take all steps necessary to ensure the continuous security of all computerized data systems containing Protected Information, and to protect paper documents containing Protected Information. These steps shall include, at a minimum: 1. Complying with and ensuring its sub-contractors or vendors comply with all the data system security precautions listed in this Exhibit I including all documents incorporated by reference; and, 2. As applicable for Contractor’s information systems, providing a level and scope of security that is at least comparable to the level and scope of security established by the Office of Management and Budget in OMB Circular No. A-130, Appendix III- Security of Federal Automated Information Systems, which sets forth guidelines for automated information systems in federal agencies; and 3. Preserving and ensuring its sub-contractors or vendors preserve, the confidentiality, integrity, and availability of Protected Information with administrative, technical, and physical measures that conform to generally recognized industry standards and best practices that contractor then applies to its own processing environment. Maintenance of a secure processing environment includes, but is not limited to, the timely application of patches, fixes, and updates to operating systems and applications as provided by Contractor and/or its sub-contractors or vendors. Contractor agrees to, and shall ensure that its sub-contractors or venders, comply with County’s current and future information security policies, standards, procedures, and guidelines.
View SourceView Similar (3)
General Security Controls. 3.1 SUPPLIER FACILITIESACCESS CONTROLS, FACILITY RESTRICTIONS; EMERGENCY PROCEDURES. 3.1.1 Physical security measures implemented at Supplier’s data center facilities, buildings, office spaces, and secured areas within the facility from which Supplier provides the Services (“Facilities”) must be designed to protect employees, visitors, and assets used in the provision of Software, Services, and/or Deliverables under the Agreement. Access to Facilities must be monitored and restricted, using Physical Security Controls. “Physical Security Controls” consist of a combination of access control systems, monitoring systems, security officers and procedures for controlling access to buildings and sensitive or restricted areas.
View Source
General Security Controls 
View SourceView Similar (34)

Related to General Security Controls

  • Technical Security Controls 35 a. Workstation/Laptop encryption. All workstations and laptops that store PHI COUNTY 36 discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of 37 COUNTY either directly or temporarily must be encrypted using a FIPS 140-2 certified algorithm which 1 is 128bit or higher, such as AES. The encryption solution must be full disk unless approved by the 2 COUNTY.

  • Security Controls Annually, upon Fund’s reasonable request, DST shall provide Fund’s Chief Information Security Officer or his or her designee with a summary of its corporate information security policy and an opportunity to discuss DST’s information security measures, and a high level and non-confidential summary of any penetration testing related to the provision of in-scope services . DST shall review its Security Policy annually.

  • Security Controls for State Agency Data In accordance with Senate Bill 475, Acts 2021, 87th Leg., R.S., pursuant to Texas Government Code, Section 2054.138, Contractor understands, acknowledges, and agrees that if, pursuant to this Contract, Contractor is or will be authorized to access, transmit, use, or store data for System Agency, Contractor is required to meet the security controls the System Agency determines are proportionate with System Agency’s risk under the Contract based on the sensitivity of System Agency’s data and that Contractor must periodically provide to System Agency evidence that Contractor meets the security controls required under the Contract.

  • Audit Controls a. System Security Review. CONTRACTOR must ensure audit control mechanisms that record and examine system activity are in place. All systems processing and/or storing PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY must have at least an annual system risk assessment/security review which provides assurance that administrative, physical, and technical controls are functioning effectively and providing adequate levels of protection. Reviews should include vulnerability scanning tools.